PHP文件上传被“劫持”通过部分上传 [英] PHP file uploads being "hijacked" by partial uploads
问题描述
我有一个网站,每天接收30-40k的照片上传,现在我看到一个问题出现频率更高。这个问题是这样的:
我们的上传脚本接收(通过$ _FILES ['name'] ['tmp_name'])一个文件(照片)用户&大部分时间收到的文件是一个部分上传。
当然,起初我以为这是我的PHP代码犯了一个简单的错误,我花了天仔细查看,以确保,但在检查代码后,我发现通过HTTP POST上传到PHP的文件实际上是错误的文件。所以这个问题发生在它到达我的代码之前。脚本收到的tmp文件(phpxxxx)有时是不正确的,就好像它被另一个进程覆盖一样,通常被部分上传的文件覆盖。
有没有人看到过这样的问题?任何帮助是极大的赞赏。在搜索/询问其他PHP开发人员的日子之后,我将此视为最后的手段。
因此,回顾一下:用户上传照片
您可以为临时文件尝试不同的名称以避免被覆盖?你能找出新的,不正确的和不完整的文件的来源?
这是一个开发环境吗?是否有多个用户同时上传文件?
用非常小的图片试试你的程序来检查SchizoDuckie对于文件大小问题是否正确。 p>
尝试使用不同的导航器,以消除当地存在的问题。
检查目录的权限临时文件存储在那里。
I have a site that is receiving 30-40k photo uploads a day and I've been seeing an issue pop up with more frequency now. This issue is this:
Our upload script receives (via $_FILES['name']['tmp_name']) a file (photo) that was NOT uploaded by the user & the majority of the time the file received is a "partial" upload.
Of course at first I thought it was my PHP code making a simple mistake and I've spent days looking over it to make sure, but after placing checks in the code I've found that the file received via a HTTP POST upload to PHP is actually the wrong file. So the issue is happening before it reaches my code. The tmp file (phpxxxx) received by the script is sometimes incorrect, as if it was somehow being overwritten by another process and its usually overwritten by a file that was partially uploaded.
Has anyone every seen an issue like this? Any help is greatly appreciated. I'm turning to this as a last resort after days of searching/asking other PHP devs
So to recap:
- User uploads a photo
- PHP script receives a file that was not uploaded by the user (pre code, via $_FILES in /var/tmp)
- Usually the incorrect file received is a partial upload or a broken upload
- It seems to happen randomly and not all the time
Can you try different names for the temp file to avoid its being overwritten? Can you identify the origin of the new, incorrect and incomplete file?
Is this a development environment? Is it possible that more than one user is uploading files at the same time?
Try your program with very small images to check if SchizoDuckie is correct about filesize problems.
Try with different navigators to eliminate the admittedly remote possibility that it is a local problem.
Check permissions on the directory where the temp file is stored.
这篇关于PHP文件上传被“劫持”通过部分上传的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
